Overview

overview

10

Static

static

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    241005-ygx7pa1all

  • MD5

    bc67ffeb9ddaf3cf567486e5949dd9b9

  • SHA1

    e1137e4d682e6ab3443f7bad311a14417fbba12e

  • SHA256

    27ad7063471bd340c87afea073113f4407566eb0ad383dd27e834ae9d7c7109b

  • SHA512

    c5609da919a385756cde30100638f873e56ec22e2fe8274e28cf6af2207f783f9fc4174415d6fd8c19ad6db2472ab13fd1ae3a433be19f6f955b08aec3059e90

  • SSDEEP

    49152:Uq15ow1lVIXH2+QoB/TJM+u80K7H9aIE8c2LJ8ojiYpQ:U012H2JoBLxh0EPE8c0yo9p

Score
10/10
lummadiscoveryevasionstealer

Malware Config

Extracted

Family

lumma

Targets

    • Target

      file.exe

    • Size

      1.8MB

    • MD5

      bc67ffeb9ddaf3cf567486e5949dd9b9

    • SHA1

      e1137e4d682e6ab3443f7bad311a14417fbba12e

    • SHA256

      27ad7063471bd340c87afea073113f4407566eb0ad383dd27e834ae9d7c7109b

    • SHA512

      c5609da919a385756cde30100638f873e56ec22e2fe8274e28cf6af2207f783f9fc4174415d6fd8c19ad6db2472ab13fd1ae3a433be19f6f955b08aec3059e90

    • SSDEEP

      49152:Uq15ow1lVIXH2+QoB/TJM+u80K7H9aIE8c2LJ8ojiYpQ:U012H2JoBLxh0EPE8c0yo9p

    Score
    10/10
    lummadiscoveryevasionstealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks